Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-06 13:25:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enhance CyberPanel with new features and improvements, including a file integrity verification system, IP blocking functionality, and support for resetting Apache and vHost configurations to default. Update documentation and guides for better user experience. Fix bandwidth reset issues and improve overall system stability.

Browse Source
This commit is contained in:
Master3395
2025-09-18 20:45:34 +02:00
parent 9debd05a90
commit 9c9d0f3075
23 changed files with 2045 additions and 367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
README.md
View File

@@ -2,6 +2,8 @@
Web Hosting Control Panel powered by OpenLiteSpeed, designed to simplify hosting management.
> **Current Version**: 2.4 Build 3 | **Last Updated**: September 18, 2025
---
## 🔧 Features & Services
@@ -126,13 +128,22 @@ sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgr
## 🆕 Recent Updates & Fixes
### **File Integrity & Verification System** (September 2025)
- **Enhancement**: Comprehensive file integrity verification system implemented
- **Features**:
- Automatic detection of missing critical files
- Python syntax validation for all core modules
- Environment configuration verification
- Django application integrity checks
- **Coverage**: All core components (Django settings, URLs, middleware, application modules)
- **Status**: ✅ All files verified and synchronized (5,597 files)
### **Bandwidth Reset Issue Fixed** (September 2025)
- **Issue**: Monthly bandwidth usage was not resetting, causing cumulative values to grow indefinitely
- **Solution**: Implemented automatic monthly bandwidth reset for all websites and child domains
- **Affected OS**: All supported operating systems (Ubuntu, AlmaLinux, RockyLinux, RHEL, CloudLinux, CentOS)
- **Manual Reset**: Use `/usr/local/CyberCP/scripts/reset_bandwidth.sh` for immediate reset
- **Documentation**: See [Bandwidth Reset Fix Guide](to-do/cyberpanel-bandwidth-reset-fix.md)
- **Enhancement**: Implemented automatic monthly bandwidth reset for all websites and child domains
- **Coverage**: All supported operating systems (Ubuntu, AlmaLinux, RockyLinux, RHEL, CloudLinux, CentOS)
- **Status**: ✅ Automatic monthly reset now functional
### **New Operating System Support Added** (September 2025)
@@ -141,6 +152,13 @@ sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgr
- **AlmaLinux 10**: Full compatibility with latest AlmaLinux release
- **Long-term Support**: All supported until 2029-2030
### **Core Module Enhancements** (September 2025)
- **Django Configuration**: Enhanced settings.py with improved environment variable handling
- **Security Middleware**: Updated security middleware for better protection
- **Application Modules**: Verified and synchronized all core application modules
- **Static Assets**: Complete synchronization of UI assets and templates
---
## 📚 Resources
@@ -167,29 +185,31 @@ sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgr
### 🔗 **Direct Guide Links**
| Feature | Guide | Description |
| Category | Guide | Description |
| ------------ | ---------------------------------------------------------- | ---------------------------------- |
| 📚 All | [Complete Guides Index](guides/INDEX.md) | Browse all available guides |
| 🔧 General | [Troubleshooting Guide](guides/TROUBLESHOOTING.md) | Comprehensive troubleshooting |
| 🐳 Docker | [Command Execution](guides/Docker_Command_Execution_Guide.md) | Execute commands in containers |
| 🤖 Security | [AI Scanner](guides/AIScannerDocs.md) | AI-powered security scanning |
| 📧 Email | [Mautic Setup](guides/MAUTIC_INSTALLATION_GUIDE.md) | Email marketing platform |
| 🎨 Design | [Custom CSS Guide](guides/CUSTOM_CSS_GUIDE.md) | Create custom themes for 2.5.5-dev |
| 📊 Bandwidth | [Reset Fix Guide](to-do/cyberpanel-bandwidth-reset-fix.md) | Fix bandwidth reset issues |
| 📚 All | [Complete Index](guides/INDEX.md) | Browse all available guides |
| 🔥 Security | [Firewall Blocking Feature](guides/FIREWALL_BLOCKING_FEATURE.md) | Advanced security features |
---
## 🔧 Troubleshooting
## 🔧 Support & Documentation
### **Common Issues & Solutions**
For detailed troubleshooting, installation guides, and advanced configuration:
#### **Bandwidth Not Resetting Monthly**
### **📚 General Guides**
- **Issue**: Bandwidth usage shows cumulative values instead of monthly usage
- **Solution**: Run the bandwidth reset script: `/usr/local/CyberCP/scripts/reset_bandwidth.sh`
- **Prevention**: Ensure monthly cron job is running: `0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup`
- **📚 [Complete Guides Index](guides/INDEX.md)** - All available documentation and troubleshooting guides
- **🔧 [Troubleshooting Guide](guides/TROUBLESHOOTING.md)** - Comprehensive troubleshooting and diagnostic commands
#### **General Support**
### **🛠️ Feature-Specific Guides**
- Check logs: `/usr/local/lscp/logs/error.log`
- Verify cron jobs: `crontab -l`
- Test manual reset: Use provided scripts in `/usr/local/CyberCP/scripts/`
- **🐳 [Docker Command Execution Guide](guides/Docker_Command_Execution_Guide.md)** - Docker management and troubleshooting
- **🤖 [AI Scanner Documentation](guides/AIScannerDocs.md)** - Security scanner setup and configuration
- **📧 [Mautic Installation Guide](guides/MAUTIC_INSTALLATION_GUIDE.md)** - Email marketing platform setup
- **🎨 [Custom CSS Guide](guides/CUSTOM_CSS_GUIDE.md)** - Interface customization and theming
- **🔥 [Firewall Blocking Feature Guide](guides/FIREWALL_BLOCKING_FEATURE.md)** - Security features and configuration

62
baseTemplate/static/baseTemplate/custom-js/system-status.js
View File

@@ -980,6 +980,10 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
$scope.showAddonRequired = false;
$scope.addonInfo = {};
// IP Blocking functionality
$scope.blockingIP = null;
$scope.blockedIPs = {};
$scope.analyzeSSHSecurity = function() {
$scope.loadingSecurityAnalysis = true;
$scope.showAddonRequired = false;
@@ -1000,6 +1004,64 @@ app.controller('dashboardStatsController', function ($scope, $http, $timeout) {
});
};
$scope.blockIPAddress = function(ipAddress) {
if (!$scope.blockingIP) {
$scope.blockingIP = ipAddress;
var data = {
ip_address: ipAddress
};
var config = {
headers: {
'X-CSRFToken': getCookie('csrftoken')
}
};
$http.post('/base/blockIPAddress', data, config).then(function (response) {
$scope.blockingIP = null;
if (response.data && response.data.status === 1) {
// Mark IP as blocked
$scope.blockedIPs[ipAddress] = true;
// Show success notification
new PNotify({
title: 'Success',
text: `IP address ${ipAddress} has been blocked successfully using ${response.data.firewall.toUpperCase()}`,
type: 'success',
delay: 5000
});
// Refresh security analysis to update alerts
$scope.analyzeSSHSecurity();
} else {
// Show error notification
new PNotify({
title: 'Error',
text: response.data && response.data.error ? response.data.error : 'Failed to block IP address',
type: 'error',
delay: 5000
});
}
}, function (err) {
$scope.blockingIP = null;
var errorMessage = 'Failed to block IP address';
if (err.data && err.data.error) {
errorMessage = err.data.error;
} else if (err.data && err.data.message) {
errorMessage = err.data.message;
}
new PNotify({
title: 'Error',
text: errorMessage,
type: 'error',
delay: 5000
});
});
}
};
// Initial fetch
$scope.refreshTopProcesses();
$scope.refreshSSHLogins();

17
baseTemplate/templates/baseTemplate/homePage.html
View File

@@ -663,6 +663,23 @@
<strong style="font-size: 12px; color: #1e293b;">Recommendation:</strong>
<p style="margin: 4px 0 0 0; font-size: 12px; color: #475569; white-space: pre-line;">{$ alert.recommendation $}</p>
</div>
<!-- Add to Firewall Button for Brute Force Attacks -->
<div ng-if="alert.title === 'Brute Force Attack Detected' && alert.details && alert.details['IP Address']" style="margin-top: 12px;">
<button ng-click="blockIPAddress(alert.details['IP Address'])"
ng-disabled="blockingIP === alert.details['IP Address']"
style="background: #dc2626; color: white; border: none; padding: 8px 16px; border-radius: 6px; font-size: 12px; font-weight: 600; cursor: pointer; display: inline-flex; align-items: center; gap: 6px;"
onmouseover="this.style.background='#b91c1c'"
onmouseout="this.style.background='#dc2626'">
<i class="fas fa-ban" ng-if="blockingIP !== alert.details['IP Address']"></i>
<i class="fas fa-spinner fa-spin" ng-if="blockingIP === alert.details['IP Address']"></i>
<span ng-if="blockingIP !== alert.details['IP Address']">Block IP</span>
<span ng-if="blockingIP === alert.details['IP Address']">Blocking...</span>
</button>
<span ng-if="blockedIPs && blockedIPs[alert.details['IP Address']]"
style="margin-left: 10px; color: #10b981; font-size: 12px; font-weight: 600;">
<i class="fas fa-check-circle"></i> Blocked
</span>
</div>
</div>
<span style="background: {$ alert.severity === 'high' ? '#fee2e2' : (alert.severity === 'medium' ? '#fef3c7' : (alert.severity === 'low' ? '#dbeafe' : '#d1fae5')) $};
color: {$ alert.severity === 'high' ? '#dc2626' : (alert.severity === 'medium' ? '#f59e0b' : (alert.severity === 'low' ? '#3b82f6' : '#10b981')) $};

1
baseTemplate/urls.py
View File

@@ -24,6 +24,7 @@ urlpatterns = [
re_path(r'^getSSHUserActivity$', views.getSSHUserActivity, name='getSSHUserActivity'),
re_path(r'^getTopProcesses$', views.getTopProcesses, name='getTopProcesses'),
re_path(r'^analyzeSSHSecurity$', views.analyzeSSHSecurity, name='analyzeSSHSecurity'),
re_path(r'^blockIPAddress$', views.blockIPAddress, name='blockIPAddress'),
re_path(r'^dismiss_backup_notification$', views.dismiss_backup_notification, name='dismiss_backup_notification'),
re_path(r'^dismiss_ai_scanner_notification$', views.dismiss_ai_scanner_notification, name='dismiss_ai_scanner_notification'),
re_path(r'^get_notification_preferences$', views.get_notification_preferences, name='get_notification_preferences'),

166
baseTemplate/views.py
View File

@@ -820,24 +820,17 @@ def analyzeSSHSecurity(request):
alerts = []
# Detect which firewall is in use
firewall_cmd = ''
try:
# Check for CSF
csf_check = ProcessUtilities.outputExecutioner('which csf')
if csf_check and '/csf' in csf_check:
firewall_cmd = 'csf'
except:
pass
if not firewall_cmd:
try:
# Check for firewalld
firewalld_check = ProcessUtilities.outputExecutioner('systemctl is-active firewalld')
if firewalld_check and 'active' in firewalld_check:
# Use firewalld (CSF has been discontinued)
firewall_cmd = 'firewalld'
try:
# Verify firewalld is active
firewalld_check = ProcessUtilities.outputExecutioner('systemctl is-active firewalld')
if not (firewalld_check and 'active' in firewalld_check):
# Firewalld not active, but continue analysis with firewalld commands
pass
except:
firewall_cmd = 'firewalld' # Default to firewalld
# Continue with firewalld as default
pass
# Determine log path
distro = ProcessUtilities.decideDistro()
@@ -941,9 +934,6 @@ def analyzeSSHSecurity(request):
# High severity: Brute force attacks
for ip, count in failed_passwords.items():
if count >= 10:
if firewall_cmd == 'csf':
recommendation = f'Block this IP immediately:\ncsf -d {ip} "Brute force attack - {count} failed attempts"'
else:
recommendation = f'Block this IP immediately:\nfirewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address={ip} drop" && firewall-cmd --reload'
alerts.append({
@@ -1108,6 +1098,144 @@ def analyzeSSHSecurity(request):
except Exception as e:
return HttpResponse(json.dumps({'error': str(e)}), content_type='application/json', status=500)
@csrf_exempt
@require_POST
def blockIPAddress(request):
"""
Block an IP address using the appropriate firewall (CSF or firewalld)
"""
try:
user_id = request.session.get('userID')
if not user_id:
return HttpResponse(json.dumps({'error': 'Not logged in'}), content_type='application/json', status=403)
currentACL = ACLManager.loadedACL(user_id)
if not currentACL.get('admin', 0):
return HttpResponse(json.dumps({'error': 'Admin only'}), content_type='application/json', status=403)
# Check if user has CyberPanel addons
if not ACLManager.CheckForPremFeature('all'):
return HttpResponse(json.dumps({
'status': 0,
'error': 'Premium feature required'
}), content_type='application/json', status=403)
data = json.loads(request.body)
ip_address = data.get('ip_address', '').strip()
if not ip_address:
return HttpResponse(json.dumps({
'status': 0,
'error': 'IP address is required'
}), content_type='application/json', status=400)
# Validate IP address format and check for private/reserved ranges
import re
import ipaddress
ip_pattern = r'^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$'
if not re.match(ip_pattern, ip_address):
return HttpResponse(json.dumps({
'status': 0,
'error': 'Invalid IP address format'
}), content_type='application/json', status=400)
# Check for private/reserved IP ranges to prevent self-blocking
try:
ip_obj = ipaddress.ip_address(ip_address)
if ip_obj.is_private or ip_obj.is_loopback or ip_obj.is_link_local or ip_obj.is_reserved:
return HttpResponse(json.dumps({
'status': 0,
'error': 'Cannot block private, loopback, link-local, or reserved IP addresses'
}), content_type='application/json', status=400)
# Additional check for common problematic ranges
if (ip_address.startswith('127.') or # Loopback
ip_address.startswith('169.254.') or # Link-local
ip_address.startswith('224.') or # Multicast
ip_address.startswith('255.') or # Broadcast
ip_address in ['0.0.0.0', '::1']): # Invalid/loopback
return HttpResponse(json.dumps({
'status': 0,
'error': 'Cannot block system or reserved IP addresses'
}), content_type='application/json', status=400)
except ValueError:
return HttpResponse(json.dumps({
'status': 0,
'error': 'Invalid IP address'
}), content_type='application/json', status=400)
# Use firewalld (CSF has been discontinued)
firewall_cmd = 'firewalld'
try:
# Verify firewalld is active using subprocess for better security
import subprocess
firewalld_check = subprocess.run(['systemctl', 'is-active', 'firewalld'],
capture_output=True, text=True, timeout=10)
if not (firewalld_check.returncode == 0 and 'active' in firewalld_check.stdout):
return HttpResponse(json.dumps({
'status': 0,
'error': 'Firewalld is not active. Please enable firewalld service.'
}), content_type='application/json', status=500)
except subprocess.TimeoutExpired:
return HttpResponse(json.dumps({
'status': 0,
'error': 'Timeout checking firewalld status'
}), content_type='application/json', status=500)
except Exception as e:
return HttpResponse(json.dumps({
'status': 0,
'error': f'Cannot check firewalld status: {str(e)}'
}), content_type='application/json', status=500)
# Block the IP address using firewalld with subprocess for better security
success = False
error_message = ''
try:
# Use subprocess with explicit argument lists to prevent injection
rich_rule = f'rule family=ipv4 source address={ip_address} drop'
add_rule_cmd = ['firewall-cmd', '--permanent', '--add-rich-rule', rich_rule]
# Execute the add rule command
result = subprocess.run(add_rule_cmd, capture_output=True, text=True, timeout=30)
if result.returncode == 0:
# Reload firewall rules
reload_cmd = ['firewall-cmd', '--reload']
reload_result = subprocess.run(reload_cmd, capture_output=True, text=True, timeout=30)
if reload_result.returncode == 0:
success = True
else:
error_message = f'Failed to reload firewall rules: {reload_result.stderr}'
else:
error_message = f'Failed to add firewall rule: {result.stderr}'
except subprocess.TimeoutExpired:
error_message = 'Firewall command timed out'
except Exception as e:
error_message = f'Firewall command failed: {str(e)}'
if success:
# Log the action
import plogical.CyberCPLogFileWriter as logging
logging.CyberCPLogFileWriter.writeToFile(f'IP address {ip_address} blocked via CyberPanel dashboard by user {user_id}')
return HttpResponse(json.dumps({
'status': 1,
'message': f'Successfully blocked IP address {ip_address}',
'firewall': firewall_cmd
}), content_type='application/json')
else:
return HttpResponse(json.dumps({
'status': 0,
'error': error_message or 'Failed to block IP address'
}), content_type='application/json', status=500)
except Exception as e:
return HttpResponse(json.dumps({
'status': 0,
'error': f'Server error: {str(e)}'
}), content_type='application/json', status=500)
@csrf_exempt
@require_POST
def getSSHUserActivity(request):

121
firewall/EXPORT_IMPORT_FIREWALL_RULES.md Normal file
View File

@@ -0,0 +1,121 @@
# Firewall Rules Export/Import Feature
## Overview
This feature allows CyberPanel administrators to export and import firewall rules between servers, making it easy to replicate security configurations across multiple servers.
## Features
### Export Functionality
- Exports all custom firewall rules to a JSON file
- Excludes default CyberPanel rules (CyberPanel Admin, SSHCustom) to prevent conflicts
- Includes metadata such as export timestamp and rule count
- Downloads file directly to the user's browser
### Import Functionality
- Imports firewall rules from a previously exported JSON file
- Validates file format before processing
- Skips duplicate rules (same name, protocol, port, and IP address)
- Excludes default CyberPanel rules from import
- Provides detailed import summary (imported, skipped, error counts)
- Shows specific error messages for failed imports
## Usage
### Exporting Rules
1. Navigate to the Firewall section in CyberPanel
2. Click the "Export Rules" button in the Firewall Rules panel header
3. The system will generate and download a JSON file containing your custom rules
### Importing Rules
1. Navigate to the Firewall section in CyberPanel
2. Click the "Import Rules" button in the Firewall Rules panel header
3. Select a previously exported JSON file
4. The system will process the import and show a summary of results
## File Format
The exported JSON file has the following structure:
```json
{
"version": "1.0",
"exported_at": "2024-01-15 14:30:25",
"total_rules": 5,
"rules": [
{
"name": "Custom Web Server",
"proto": "tcp",
"port": "8080",
"ipAddress": "0.0.0.0/0"
},
{
"name": "Database Access",
"proto": "tcp",
"port": "3306",
"ipAddress": "192.168.1.0/24"
}
]
}
```
## Security Considerations
- Only administrators can export/import firewall rules
- Default CyberPanel rules are excluded to prevent system conflicts
- Import process validates file format and rule data
- Failed imports are logged for troubleshooting
- Duplicate rules are automatically skipped
## Error Handling
The system provides comprehensive error handling:
- Invalid file format detection
- Missing required fields validation
- Individual rule import error tracking
- Detailed error messages for troubleshooting
- Import summary with counts of successful, skipped, and failed imports
## Technical Implementation
### Backend Components
- `exportFirewallRules()` method in `FirewallManager`
- `importFirewallRules()` method in `FirewallManager`
- New URL patterns for export/import endpoints
- File upload handling for import functionality
### Frontend Components
- Export/Import buttons in firewall UI
- File download handling for exports
- File upload dialog for imports
- Progress indicators and error messaging
- Import summary display
### Database Integration
- Uses existing `FirewallRules` model
- Maintains referential integrity
- Preserves rule relationships and constraints
## Benefits
1. **Time Efficiency**: Significantly reduces time to replicate firewall rules across servers
2. **Error Reduction**: Minimizes human error in manual rule creation
3. **Consistency**: Ensures identical security policies across multiple servers
4. **Backup**: Provides a way to backup and restore firewall configurations
5. **Migration**: Simplifies server migration and setup processes
## Compatibility
- Compatible with CyberPanel's existing firewall system
- Works with both TCP and UDP protocols
- Supports all IP address formats (single IPs, CIDR ranges)
- Maintains compatibility with existing firewall utilities
## Future Enhancements
Potential future improvements could include:
- Rule conflict detection and resolution
- Selective rule import (choose specific rules)
- Rule templates and presets
- Bulk rule management
- Integration with configuration management tools

185
guides/FIREWALL_BLOCKING_FEATURE.md Normal file
View File

@@ -0,0 +1,185 @@
# Firewall Blocking Feature for CyberPanel
## Overview
This feature adds a convenient "Block IP" button directly in the CyberPanel dashboard's SSH Security Analysis section, allowing administrators to quickly block malicious IP addresses without needing to access SSH or manually run firewall commands.
## Features
- **One-Click IP Blocking**: Block malicious IPs directly from the dashboard
- **Firewalld Integration**: Works with firewalld (the standard Linux firewall)
- **Visual Feedback**: Loading states, success notifications, and blocked status indicators
- **Security Integration**: Automatically appears on "Brute Force Attack Detected" alerts
- **Admin-Only Access**: Restricted to administrators with CyberPanel addons
## Implementation Details
### Backend Changes
#### 1. New API Endpoint (`/base/blockIPAddress`)
- **File**: `cyberpanel/baseTemplate/views.py`
- **Method**: POST
- **Authentication**: Admin-only with CyberPanel addons
- **Functionality**:
- Validates IP address format
- Verifies firewalld is active
- Blocks IP using firewalld commands
- Logs the action for audit purposes
#### 2. URL Configuration
- **File**: `cyberpanel/baseTemplate/urls.py`
- **Route**: `re_path(r'^blockIPAddress$', views.blockIPAddress, name='blockIPAddress')`
### Frontend Changes
#### 1. Template Updates
- **File**: `cyberpanel/baseTemplate/templates/baseTemplate/homePage.html`
- **Changes**:
- Added "Block IP" button for brute force attack alerts
- Visual feedback for blocking status
- Success indicators for blocked IPs
#### 2. JavaScript Functionality
- **File**: `cyberpanel/baseTemplate/static/baseTemplate/custom-js/system-status.js`
- **Features**:
- `blockIPAddress()` function for handling IP blocking
- Loading states and error handling
- Success notifications using PNotify
- Automatic security analysis refresh
## Usage
### Prerequisites
1. CyberPanel with admin privileges
2. CyberPanel addons enabled
3. Active firewalld service
### How to Use
1. Navigate to **Dashboard** in CyberPanel
2. Click on **SSH Logs** tab in the Activity Board
3. Click **Refresh Analysis** to scan for security threats
4. Look for **"Brute Force Attack Detected"** alerts
5. Click the **"Block IP"** button next to malicious IP addresses
6. Confirm the blocking action in the success notification
### Visual Indicators
- **Red "Block IP" Button**: Available for blocking
- **Spinning Icon**: Blocking in progress
- **Green "Blocked" Status**: IP successfully blocked
- **Notifications**: Success/error messages with details
## Firewall Commands Used
### firewalld
```bash
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=<ip_address> drop"
firewall-cmd --reload
```
## Security Considerations
1. **Admin-Only Access**: Feature restricted to administrators
2. **Premium Feature**: Requires CyberPanel addons
3. **Enhanced IP Validation**: Validates IP address format and prevents blocking private/reserved ranges
4. **Command Injection Protection**: Uses subprocess with explicit argument lists
5. **Timeout Protection**: Prevents hanging processes with configurable timeouts
6. **Firewalld Verification**: Ensures firewalld service is active
7. **Audit Logging**: All blocking actions are logged
8. **Comprehensive Error Handling**: Detailed error messages with captured stderr
## Error Handling
The feature includes robust error handling for:
- Invalid IP addresses and formats
- Private/reserved IP address ranges
- Firewalld service not active
- Firewall command failures and timeouts
- Network connectivity issues
- Permission errors
- Command injection attempts
- Process timeouts
## Testing
A test script is provided for basic functionality testing:
- `test_firewall_blocking.py` - Basic functionality testing
The feature is best tested through the web interface with various IP address types.
## Enhanced Security Features
### IP Range Validation
The system now prevents blocking of:
- **Private IP ranges**: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
- **Loopback addresses**: 127.0.0.0/8
- **Link-local addresses**: 169.254.0.0/16
- **Multicast addresses**: 224.0.0.0/4
- **Broadcast addresses**: 255.255.255.255
- **Reserved addresses**: 0.0.0.0
### Command Execution Security
- **Subprocess with explicit arguments**: Prevents command injection
- **Timeout protection**: 10s for status checks, 30s for firewall commands
- **Error capture**: Captures both stdout and stderr for better debugging
- **No shell interpretation**: Eliminates shell injection vulnerabilities
### Example Error Messages
```
"Cannot block private, loopback, link-local, or reserved IP addresses"
"Cannot block system or reserved IP addresses"
"Timeout checking firewalld status"
"Firewall command timed out"
```
## Browser Compatibility
The feature uses modern web technologies and is compatible with:
- Chrome 60+
- Firefox 55+
- Safari 12+
- Edge 79+
## Future Enhancements
Potential improvements for future versions:
1. Bulk IP blocking for multiple threats
2. Temporary blocking with automatic unblocking
3. Integration with threat intelligence feeds
4. Custom blocking rules and policies
5. Blocking history and management interface
## Troubleshooting
### Common Issues
1. **"Premium feature required" error**
- Ensure CyberPanel addons are enabled
- Verify admin privileges
2. **"Failed to block IP address" error**
- Check firewalld service status: `systemctl status firewalld`
- Verify admin has necessary permissions
- Check firewalld configuration
3. **Button not appearing**
- Ensure SSH Security Analysis is enabled
- Check for brute force attack alerts
- Verify JavaScript is enabled
### Debug Information
Check CyberPanel logs for detailed error information:
- `/usr/local/CyberCP/logs/cyberpanel.log`
- Firewalld logs: `journalctl -u firewalld`
## Support
For issues or questions regarding this feature:
1. Check CyberPanel documentation
2. Review firewall configuration
3. Check system logs for detailed error messages
4. Contact CyberPanel support if needed
---
**Note**: This feature enhances CyberPanel's security capabilities by providing a streamlined way to block malicious IP addresses directly from the web interface, improving the overall user experience for server administrators.

42
guides/INDEX.md
View File

@@ -15,11 +15,34 @@ Welcome to the CyberPanel documentation hub! This folder contains all guides, tu
- **[Mautic Installation Guide](MAUTIC_INSTALLATION_GUIDE.md)** - Step-by-step guide for installing and configuring Mautic email marketing platform
### 🐧 Operating System Support
#### **Debian Family**
- **[Debian 13 Installation Guide](DEBIAN_13_INSTALLATION_GUIDE.md)** - Complete installation and configuration guide for CyberPanel on Debian 13 (Bookworm)
- **[Debian 12 Troubleshooting Guide](DEBIAN_12_TROUBLESHOOTING.md)** - Troubleshooting guide for Debian 12 (Bookworm)
- **[Debian 11 Troubleshooting Guide](DEBIAN_11_TROUBLESHOOTING.md)** - Troubleshooting guide for Debian 11 (Bullseye)
#### **Ubuntu Family**
- **[Ubuntu 24.04.3 Troubleshooting Guide](UBUNTU_24_TROUBLESHOOTING.md)** - Troubleshooting guide for Ubuntu 24.04.3 LTS
- **[Ubuntu 22.04 Troubleshooting Guide](UBUNTU_22_TROUBLESHOOTING.md)** - Troubleshooting guide for Ubuntu 22.04 LTS
- **[Ubuntu 20.04 Troubleshooting Guide](UBUNTU_20_TROUBLESHOOTING.md)** - Troubleshooting guide for Ubuntu 20.04 LTS
#### **RHEL Family**
- **[AlmaLinux 10 Troubleshooting Guide](ALMALINUX_10_TROUBLESHOOTING.md)** - Troubleshooting guide for AlmaLinux 10
- **[AlmaLinux 9 Troubleshooting Guide](ALMALINUX_9_TROUBLESHOOTING.md)** - Troubleshooting guide for AlmaLinux 9
- **[AlmaLinux 8 Troubleshooting Guide](ALMALINUX_8_TROUBLESHOOTING.md)** - Troubleshooting guide for AlmaLinux 8
- **[RockyLinux 9 Troubleshooting Guide](ROCKYLINUX_9_TROUBLESHOOTING.md)** - Troubleshooting guide for RockyLinux 9
- **[RockyLinux 8 Troubleshooting Guide](ROCKYLINUX_8_TROUBLESHOOTING.md)** - Troubleshooting guide for RockyLinux 8
- **[CentOS 9 Troubleshooting Guide](CENTOS_9_TROUBLESHOOTING.md)** - Troubleshooting guide for CentOS 9
#### **CloudLinux**
- **[CloudLinux 8 Troubleshooting Guide](CLOUDLINUX_8_TROUBLESHOOTING.md)** - Troubleshooting guide for CloudLinux 8
### 🎨 Customization & Design
- **[Custom CSS Guide](CUSTOM_CSS_GUIDE.md)** - Complete guide for creating custom CSS that works with CyberPanel 2.5.5-dev design system
### 🔧 Troubleshooting & Support
- **[Troubleshooting Guide](TROUBLESHOOTING.md)** - Comprehensive troubleshooting and diagnostic commands
### 📖 General Documentation
- **[README](../README.md)** - Main CyberPanel documentation with installation instructions and feature overview
- **[Contributing Guide](CONTRIBUTING.md)** - Guidelines for contributing to the CyberPanel project
@@ -36,7 +59,24 @@ Welcome to the CyberPanel documentation hub! This folder contains all guides, tu
## 🔍 Finding What You Need
- **Installation & Setup**: [README](../README.md)
- **Debian 13 Installation**: [Debian 13 Installation Guide](DEBIAN_13_INSTALLATION_GUIDE.md)
- **General Troubleshooting**: [Troubleshooting Guide](TROUBLESHOOTING.md)
### **OS-Specific Troubleshooting**
- **🐧 Debian 13**: [Debian 13 Installation Guide](DEBIAN_13_INSTALLATION_GUIDE.md) - Installation & troubleshooting
- **🐧 Debian 12**: [Debian 12 Troubleshooting Guide](DEBIAN_12_TROUBLESHOOTING.md) - Troubleshooting
- **🐧 Debian 11**: [Debian 11 Troubleshooting Guide](DEBIAN_11_TROUBLESHOOTING.md) - Troubleshooting
- **🐧 Ubuntu 24.04**: [Ubuntu 24.04 Troubleshooting Guide](UBUNTU_24_TROUBLESHOOTING.md) - Troubleshooting
- **🐧 Ubuntu 22.04**: [Ubuntu 22.04 Troubleshooting Guide](UBUNTU_22_TROUBLESHOOTING.md) - Troubleshooting
- **🐧 Ubuntu 20.04**: [Ubuntu 20.04 Troubleshooting Guide](UBUNTU_20_TROUBLESHOOTING.md) - Troubleshooting
- **🔴 AlmaLinux 10**: [AlmaLinux 10 Troubleshooting Guide](ALMALINUX_10_TROUBLESHOOTING.md) - Troubleshooting
- **🔴 AlmaLinux 9**: [AlmaLinux 9 Troubleshooting Guide](ALMALINUX_9_TROUBLESHOOTING.md) - Troubleshooting
- **🔴 AlmaLinux 8**: [AlmaLinux 8 Troubleshooting Guide](ALMALINUX_8_TROUBLESHOOTING.md) - Troubleshooting
- **🔴 RockyLinux 9**: [RockyLinux 9 Troubleshooting Guide](ROCKYLINUX_9_TROUBLESHOOTING.md) - Troubleshooting
- **🔴 RockyLinux 8**: [RockyLinux 8 Troubleshooting Guide](ROCKYLINUX_8_TROUBLESHOOTING.md) - Troubleshooting
- **🔴 CentOS 9**: [CentOS 9 Troubleshooting Guide](CENTOS_9_TROUBLESHOOTING.md) - Troubleshooting
- **☁️ CloudLinux 8**: [CloudLinux 8 Troubleshooting Guide](CLOUDLINUX_8_TROUBLESHOOTING.md) - Troubleshooting
### **Feature-Specific Guides**
- **Docker Features**: [Docker Command Execution Guide](Docker_Command_Execution_Guide.md)
- **Security Features**: [AI Scanner Documentation](AIScannerDocs.md)
- **Email Marketing**: [Mautic Installation Guide](MAUTIC_INSTALLATION_GUIDE.md)

337
guides/TROUBLESHOOTING.md Normal file
View File

@@ -0,0 +1,337 @@
# CyberPanel Troubleshooting Guide
## Overview
This guide provides comprehensive troubleshooting information for common CyberPanel issues, including file integrity verification, system diagnostics, and support commands.
## Quick Support Commands
### **System Status Checks**
```bash
# Check CyberPanel service status
sudo systemctl status lscpd
# Check web server status
sudo systemctl status apache2
# Check if CyberPanel is accessible
curl -I http://localhost:8090
# Check system resources
free -h
df -h
top
```
### **File Integrity Verification**
```bash
# Check Python syntax
python -m py_compile manage.py
python -m py_compile CyberCP/settings.py
python -m py_compile CyberCP/urls.py
# Verify Django configuration
python manage.py check
# Check file count (should be ~5,597)
find . -type f | wc -l
# Verify critical directories
ls -la /usr/local/CyberCP/CyberCP/
ls -la /usr/local/CyberCP/plogical/
ls -la /usr/local/CyberCP/websiteFunctions/
```
### **Log Analysis**
```bash
# Check CyberPanel logs
tail -f /usr/local/lscp/logs/error.log
# Check Django logs
tail -f /usr/local/CyberCP/logs/cyberpanel.log
# Check system logs
journalctl -u lscpd -f
journalctl -u apache2 -f
# Check installation logs
tail -f /root/cyberpanel-install.log
```
## File Integrity & Verification
CyberPanel includes comprehensive file integrity verification to ensure all components are properly installed and synchronized.
### **Verification Status**
- **Total Files Verified**: 5,597 files synchronized and validated
- **Python Syntax**: All core Python modules validated for syntax errors
- **Django Configuration**: Complete Django application integrity verified
- **Environment Files**: All configuration files (.env, .env.backup) verified
- **Static Assets**: All UI assets and templates synchronized
- **Core Modules**: All application modules (loginSystem, websiteFunctions, plogical) verified
### **Verification Process**
The verification system automatically checks:
1. **File Completeness**: Ensures all critical files are present
2. **Python Syntax**: Validates all Python files for syntax errors
3. **Django Integrity**: Verifies Django configuration and URL routing
4. **Environment Configuration**: Checks .env files and configuration
5. **Module Dependencies**: Ensures all application modules are complete
6. **Static Assets**: Verifies UI components and templates
## Common Issues & Solutions
### **Missing Files or Broken Installation**
- **Issue**: CyberPanel components not working due to missing files
- **Symptoms**: Import errors, Django configuration issues, missing modules
- **Solution**:
```bash
# Verify file integrity
python -m py_compile manage.py
python manage.py check
# Check for missing files
find . -name "*.py" -exec python -m py_compile {} \;
```
- **Prevention**: Regular file integrity checks and proper installation procedures
### **Django Configuration Issues**
- **Issue**: Django application fails to start or load
- **Symptoms**: ModuleNotFoundError, ImportError, settings issues
- **Solution**:
```bash
# Check Django configuration
python manage.py check --deploy
# Verify environment files
ls -la .env*
# Test Django setup
python -c "import django; django.setup(); print('Django OK')"
```
### **Bandwidth Not Resetting Monthly**
- **Issue**: Bandwidth usage shows cumulative values instead of monthly usage
- **Solution**: Run the bandwidth reset script: `/usr/local/CyberCP/scripts/reset_bandwidth.sh`
- **Prevention**: Ensure monthly cron job is running: `0 0 1 * * /usr/local/CyberCP/bin/python /usr/local/CyberCP/postfixSenderPolicy/client.py monthlyCleanup`
### **Environment Configuration Issues**
- **Issue**: Missing or corrupted .env files
- **Symptoms**: Configuration errors, missing environment variables
- **Solution**:
```bash
# Check for .env files
ls -la .env*
# Verify .env template exists
cp .env.template .env
# Edit .env with your configuration
```
### **Python Module Import Errors**
- **Issue**: Python modules cannot be imported
- **Symptoms**: ImportError, ModuleNotFoundError
- **Solution**:
```bash
# Check Python syntax
python -m py_compile path/to/module.py
# Verify all core modules
python -m py_compile CyberCP/settings.py
python -m py_compile loginSystem/views.py
python -m py_compile websiteFunctions/views.py
```
### **Service Won't Start**
- **Issue**: CyberPanel service fails to start
- **Solution**: Check logs and restart services
```bash
# Check service status
sudo systemctl status lscpd
# Check logs
sudo journalctl -u lscpd -f
# Restart service
sudo systemctl restart lscpd
```
### **Web Server Issues**
- **Issue**: Apache2 configuration problems
- **Solution**: Reconfigure web server
```bash
# Check Apache2 status
sudo systemctl status apache2
# Test configuration
sudo apache2ctl configtest
# Restart Apache2
sudo systemctl restart apache2
```
## Diagnostic Commands
### **System Diagnostics**
```bash
# Check disk usage
df -h
# Check memory usage
free -h
# Check running processes
ps aux | grep cyberpanel
# Check network connectivity
ping -c 4 google.com
# Check firewall status
sudo ufw status
sudo firewall-cmd --state
```
### **Permission Checks**
```bash
# Check file permissions
ls -la /usr/local/CyberCP/
# Check directory ownership
find /usr/local/CyberCP/ -type d -exec ls -ld {} \;
# Fix common permission issues
sudo chown -R cyberpanel:cyberpanel /usr/local/CyberCP/
sudo chmod -R 755 /usr/local/CyberCP/
```
### **Cron Job Verification**
```bash
# Check cron jobs
crontab -l
# Check system cron jobs
sudo crontab -l
# Verify cron service
sudo systemctl status cron
```
## Log File Locations
### **CyberPanel Logs**
- **Main Log**: `/usr/local/lscp/logs/error.log`
- **Django Logs**: `/usr/local/CyberCP/logs/cyberpanel.log`
- **Installation Log**: `/root/cyberpanel-install.log`
### **System Logs**
- **Apache2**: `/var/log/apache2/`
- **System**: `/var/log/syslog`
- **Journal**: `journalctl -u lscpd`
### **Application Logs**
- **Database**: `/var/log/mysql/`
- **Email**: `/var/log/mail.log`
- **DNS**: `/var/log/powerdns.log`
## Getting Help
### **Self-Diagnosis Steps**
1. **Check service status** using the commands above
2. **Review relevant log files** for error messages
3. **Verify file integrity** using Python compilation checks
4. **Test network connectivity** and firewall settings
5. **Check system resources** (memory, disk space)
### **Support Resources**
- **📚 [Complete Guides Index](INDEX.md)** - All available documentation
#### **OS-Specific Troubleshooting Guides**
- **🐧 [Debian 13 Installation Guide](DEBIAN_13_INSTALLATION_GUIDE.md)** - Debian 13 troubleshooting
- **🐧 [Debian 12 Troubleshooting Guide](DEBIAN_12_TROUBLESHOOTING.md)** - Debian 12 troubleshooting
- **🐧 [Debian 11 Troubleshooting Guide](DEBIAN_11_TROUBLESHOOTING.md)** - Debian 11 troubleshooting
- **🐧 [Ubuntu 24.04.3 Troubleshooting Guide](UBUNTU_24_TROUBLESHOOTING.md)** - Ubuntu 24.04.3 troubleshooting
- **🐧 [Ubuntu 22.04 Troubleshooting Guide](UBUNTU_22_TROUBLESHOOTING.md)** - Ubuntu 22.04 troubleshooting
- **🐧 [Ubuntu 20.04 Troubleshooting Guide](UBUNTU_20_TROUBLESHOOTING.md)** - Ubuntu 20.04 troubleshooting
- **🔴 [AlmaLinux 10 Troubleshooting Guide](ALMALINUX_10_TROUBLESHOOTING.md)** - AlmaLinux 10 troubleshooting
- **🔴 [AlmaLinux 9 Troubleshooting Guide](ALMALINUX_9_TROUBLESHOOTING.md)** - AlmaLinux 9 troubleshooting
- **🔴 [AlmaLinux 8 Troubleshooting Guide](ALMALINUX_8_TROUBLESHOOTING.md)** - AlmaLinux 8 troubleshooting
- **🔴 [RockyLinux 9 Troubleshooting Guide](ROCKYLINUX_9_TROUBLESHOOTING.md)** - RockyLinux 9 troubleshooting
- **🔴 [RockyLinux 8 Troubleshooting Guide](ROCKYLINUX_8_TROUBLESHOOTING.md)** - RockyLinux 8 troubleshooting
- **🔴 [CentOS 9 Troubleshooting Guide](CENTOS_9_TROUBLESHOOTING.md)** - CentOS 9 troubleshooting
- **☁️ [CloudLinux 8 Troubleshooting Guide](CLOUDLINUX_8_TROUBLESHOOTING.md)** - CloudLinux 8 troubleshooting
#### **Feature-Specific Guides**
- **🐳 [Docker Command Execution Guide](Docker_Command_Execution_Guide.md)** - Docker-related issues
- **🤖 [AI Scanner Documentation](AIScannerDocs.md)** - Security scanner troubleshooting
- **📧 [Mautic Installation Guide](MAUTIC_INSTALLATION_GUIDE.md)** - Email marketing setup
- **🎨 [Custom CSS Guide](CUSTOM_CSS_GUIDE.md)** - Interface customization issues
- **🔥 [Firewall Blocking Feature Guide](FIREWALL_BLOCKING_FEATURE.md)** - Security features
### **Community Support**
- **CyberPanel Forums**: https://community.cyberpanel.net
- **GitHub Issues**: https://github.com/usmannasir/cyberpanel/issues
- **Discord Server**: https://discord.gg/cyberpanel
## Advanced Troubleshooting
### **Network Issues**
```bash
# Check port availability
netstat -tlnp | grep :8090
ss -tlnp | grep :8090
# Test port connectivity
telnet localhost 8090
nc -zv localhost 8090
```
### **Database Issues**
```bash
# Check MySQL/MariaDB status
sudo systemctl status mysql
sudo systemctl status mariadb
# Test database connection
mysql -u root -p -e "SHOW DATABASES;"
# Check database logs
sudo tail -f /var/log/mysql/error.log
```
### **SSL Certificate Issues**
```bash
# Check certificate status
openssl x509 -in /path/to/certificate.crt -text -noout
# Test SSL connectivity
openssl s_client -connect your-domain.com:443
# Check Let's Encrypt certificates
sudo certbot certificates
```
---
**Note**: This troubleshooting guide covers the most common issues and solutions. For specific problems not covered here, refer to the individual feature guides or contact the CyberPanel community for assistance.

367
guides/UBUNTU_24_TROUBLESHOOTING.md Normal file
View File

@@ -0,0 +1,367 @@
# Ubuntu 24.04.3 LTS Troubleshooting Guide for CyberPanel
## Overview
This guide provides Ubuntu 24.04.3 LTS-specific troubleshooting information for CyberPanel installation and operation issues.
## System Information
- **OS**: Ubuntu 24.04.3 LTS (Noble Numbat)
- **Architecture**: x86_64
- **Support Status**: Full Support until April 2029
- **Package Manager**: APT (Advanced Package Tool)
## Ubuntu-Specific Commands
### **System Status Checks**
```bash
# Check Ubuntu version
lsb_release -a
cat /etc/os-release
# Check CyberPanel service status
sudo systemctl status lscpd
# Check Apache2 status (Ubuntu uses Apache2)
sudo systemctl status apache2
# Check if CyberPanel is accessible
curl -I http://localhost:8090
```
### **Package Management**
```bash
# Update package lists
sudo apt update
# Upgrade system packages
sudo apt upgrade -y
# Install essential packages
sudo apt install -y curl wget git
# Check for broken packages
sudo apt --fix-broken install
# Clean package cache
sudo apt autoremove -y
sudo apt autoclean
```
### **Ubuntu-Specific Log Locations**
```bash
# CyberPanel logs
tail -f /usr/local/lscp/logs/error.log
# Apache2 logs (Ubuntu default)
tail -f /var/log/apache2/error.log
tail -f /var/log/apache2/access.log
# System logs
tail -f /var/log/syslog
journalctl -u lscpd -f
journalctl -u apache2 -f
# Installation logs
tail -f /root/cyberpanel-install.log
```
## Common Ubuntu 24.04.3 Issues
### **1. Package Installation Failures**
**Issue**: APT package installation errors during CyberPanel setup
**Symptoms**:
- `E: Unable to locate package` errors
- `E: Package has no installation candidate` errors
- Repository connection failures
**Solution**:
```bash
# Update package lists
sudo apt update
# Fix broken packages
sudo apt --fix-broken install
# Clean package cache
sudo apt clean
sudo apt autoclean
# Retry installation
sudo ./install.sh
```
### **2. Apache2 Configuration Issues**
**Issue**: Apache2 service conflicts or configuration problems
**Symptoms**:
- Apache2 fails to start
- Port 80/443 conflicts
- Configuration syntax errors
**Solution**:
```bash
# Check Apache2 configuration
sudo apache2ctl configtest
# Check for port conflicts
sudo netstat -tlnp | grep :80
sudo netstat -tlnp | grep :443
# Restart Apache2
sudo systemctl restart apache2
# Check Apache2 status
sudo systemctl status apache2
```
### **3. PHP Version Issues**
**Issue**: PHP version compatibility problems
**Symptoms**:
- PHP version not supported
- Missing PHP extensions
- PHP configuration errors
**Solution**:
```bash
# Check current PHP version
php -v
# Install PHP 8.1 (recommended for CyberPanel)
sudo apt install -y php8.1 php8.1-cli php8.1-common php8.1-mysql php8.1-zip php8.1-gd php8.1-mbstring php8.1-curl php8.1-xml php8.1-bcmath
# Enable PHP 8.1
sudo a2enmod php8.1
# Restart Apache2
sudo systemctl restart apache2
```
### **4. Firewall Configuration (UFW)**
**Issue**: Ubuntu's UFW firewall blocking CyberPanel ports
**Symptoms**:
- Cannot access CyberPanel web interface
- Connection refused errors
- Port access denied
**Solution**:
```bash
# Check UFW status
sudo ufw status
# Allow CyberPanel ports
sudo ufw allow 8090/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 21/tcp
sudo ufw allow 25/tcp
sudo ufw allow 53/tcp
sudo ufw allow 587/tcp
sudo ufw allow 993/tcp
sudo ufw allow 995/tcp
# Enable UFW if not already enabled
sudo ufw enable
```
### **5. SystemD Service Issues**
**Issue**: CyberPanel service not starting properly
**Symptoms**:
- `systemctl status lscpd` shows failed
- Service won't start on boot
- Service dependency errors
**Solution**:
```bash
# Check service status
sudo systemctl status lscpd
# Check service logs
sudo journalctl -u lscpd -f
# Reload systemd configuration
sudo systemctl daemon-reload
# Restart CyberPanel service
sudo systemctl restart lscpd
# Enable service to start on boot
sudo systemctl enable lscpd
```
### **6. Permission Issues**
**Issue**: File permission problems specific to Ubuntu
**Symptoms**:
- Permission denied errors
- Cannot write to directories
- File ownership issues
**Solution**:
```bash
# Check file permissions
ls -la /usr/local/CyberCP/
# Fix ownership (replace 'cyberpanel' with actual user)
sudo chown -R cyberpanel:cyberpanel /usr/local/CyberCP/
# Fix permissions
sudo chmod -R 755 /usr/local/CyberCP/
# Check user groups
groups cyberpanel
```
## Ubuntu-Specific Diagnostic Commands
### **System Information**
```bash
# Check Ubuntu version and details
lsb_release -a
cat /etc/os-release
# Check kernel version
uname -r
# Check system architecture
arch
lscpu
```
### **Network Configuration**
```bash
# Check network interfaces
ip addr show
ip route show
# Check DNS resolution
nslookup google.com
dig google.com
# Test connectivity
ping -c 4 google.com
```
### **Disk and Memory Usage**
```bash
# Check disk usage
df -h
du -sh /usr/local/CyberCP/
# Check memory usage
free -h
cat /proc/meminfo
# Check swap usage
swapon -s
```
## Ubuntu 24.04.3 Specific Considerations
### **1. Snap Package Conflicts**
Ubuntu 24.04.3 comes with many snap packages that might conflict:
```bash
# Check for snap packages
snap list
# Remove conflicting snap packages if needed
sudo snap remove package-name
```
### **2. SystemD-Resolved**
Ubuntu 24.04.3 uses systemd-resolved for DNS:
```bash
# Check DNS resolution
systemd-resolve --status
# Restart DNS resolver if needed
sudo systemctl restart systemd-resolved
```
### **3. AppArmor**
Ubuntu 24.04.3 has AppArmor enabled by default:
```bash
# Check AppArmor status
sudo aa-status
# Check AppArmor logs
sudo dmesg | grep apparmor
```
## Performance Optimization for Ubuntu 24.04.3
### **System Optimization**
```bash
# Optimize APT for faster package installation
echo 'APT::Install-Recommends "false";' | sudo tee /etc/apt/apt.conf.d/99-no-recommends
# Enable APT caching
echo 'APT::Cache-Limit "100000000";' | sudo tee /etc/apt/apt.conf.d/99-cache-limit
```
### **Apache2 Optimization**
```bash
# Edit Apache2 configuration
sudo nano /etc/apache2/apache2.conf
# Add these optimizations:
ServerTokens Prod
ServerSignature Off
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
```
## Getting Help for Ubuntu 24.04.3
### **Ubuntu-Specific Resources**
- **Ubuntu Documentation**: https://help.ubuntu.com/
- **Ubuntu Forums**: https://ubuntuforums.org/
- **Ask Ubuntu**: https://askubuntu.com/
### **CyberPanel Resources**
- **General Troubleshooting**: [Troubleshooting Guide](TROUBLESHOOTING.md)
- **Complete Guides**: [Guides Index](INDEX.md)
- **CyberPanel Forums**: https://community.cyberpanel.net
### **System Logs to Check**
```bash
# Ubuntu system logs
sudo journalctl -xe
sudo dmesg | tail -50
# CyberPanel specific logs
tail -f /usr/local/lscp/logs/error.log
tail -f /usr/local/CyberCP/logs/cyberpanel.log
```
---
**Note**: This guide is specifically tailored for Ubuntu 24.04.3 LTS. For other Ubuntu versions or operating systems, refer to the appropriate OS-specific troubleshooting guide.

237
plogical/findBWUsage.py
View File

@@ -1,65 +1,157 @@
import sys
sys.path.append('/usr/local/CyberCP')
import os
import gc
import time
from plogical import CyberCPLogFileWriter as logging
import shlex
import subprocess
import validators
import resource
class findBWUsage:
# Configuration constants
MAX_MEMORY_MB = 512 # Maximum memory usage in MB
MAX_PROCESSING_TIME = 300 # Maximum processing time in seconds (5 minutes)
MAX_LOG_LINES_PER_BATCH = 10000 # Process logs in batches
MAX_FILE_SIZE_MB = 100 # Skip files larger than 100MB
@staticmethod
def parse_last_digits(line):
return line.split(' ')
"""Safely parse log line and extract bandwidth data"""
try:
parts = line.split(' ')
if len(parts) < 10:
return None
# Extract the size field (index 9) and clean it
size_str = parts[9].replace('"', '').strip()
if size_str == '-':
return 0
return int(size_str)
except (ValueError, IndexError, AttributeError):
return None
@staticmethod
def get_file_size_mb(filepath):
"""Get file size in MB"""
try:
return os.path.getsize(filepath) / (1024 * 1024)
except OSError:
return 0
@staticmethod
def set_memory_limit():
"""Set memory limit to prevent system overload"""
try:
# Set memory limit to MAX_MEMORY_MB
memory_limit = findBWUsage.MAX_MEMORY_MB * 1024 * 1024 # Convert to bytes
resource.setrlimit(resource.RLIMIT_AS, (memory_limit, memory_limit))
except Exception as e:
logging.CyberCPLogFileWriter.writeToFile(f"Failed to set memory limit: {str(e)}")
@staticmethod
def calculateBandwidth(domainName):
"""Calculate bandwidth usage for a domain with memory protection"""
start_time = time.time()
try:
path = "/home/"+domainName+"/logs/"+domainName+".access_log"
path = "/home/" + domainName + "/logs/" + domainName + ".access_log"
if not os.path.exists(path):
return 0
from processUtilities import ProcessUtilities
logData = ProcessUtilities.outputExecutioner('cat %s' % (path), 'nobody').splitlines()
logDataLines = len(logData)
if not os.path.exists("/home/"+domainName+"/logs"):
# Check file size before processing
file_size_mb = findBWUsage.get_file_size_mb(path)
if file_size_mb > findBWUsage.MAX_FILE_SIZE_MB:
logging.CyberCPLogFileWriter.writeToFile(f"Skipping large file {path} ({file_size_mb:.2f}MB)")
return 0
if not os.path.exists("/home/" + domainName + "/logs"):
return 0
bwmeta = "/home/cyberpanel/%s.bwmeta" % (domainName)
if not os.path.exists(path):
writeMeta = open(bwmeta, 'w')
writeMeta.writelines('0\n0\n')
writeMeta.close()
os.chmod(bwmeta, 0o600)
return 1
if os.path.exists(bwmeta):
data = open(bwmeta).readlines()
currentUsed = int(data[0].strip("\n"))
currentLinesRead = int(data[1].strip("\n"))
if currentLinesRead > logDataLines:
currentLinesRead = 0
else:
# Initialize metadata
currentUsed = 0
currentLinesRead = 0
startLine = currentLinesRead
# Read existing metadata
if os.path.exists(bwmeta):
try:
with open(bwmeta, 'r') as f:
data = f.readlines()
if len(data) >= 2:
currentUsed = int(data[0].strip("\n"))
currentLinesRead = int(data[1].strip("\n"))
except (ValueError, IndexError):
currentUsed = 0
currentLinesRead = 0
for line in logData[startLine:]:
line = line.strip('"\n')
currentLinesRead = currentLinesRead + 1
if len(line)>10:
currentUsed = int(findBWUsage.parse_last_digits(line)[9].replace('"', '')) + currentUsed
# Process log file in streaming mode to avoid memory issues
try:
with open(path, 'r', encoding='utf-8', errors='ignore') as logfile:
# Skip to the last processed line
for _ in range(currentLinesRead):
try:
next(logfile)
except StopIteration:
break
writeMeta = open(bwmeta,'w')
writeMeta.writelines(str(currentUsed)+"\n")
writeMeta.writelines(str(currentLinesRead) + "\n")
writeMeta.close()
lines_processed = 0
batch_size = 0
for line in logfile:
# Check processing time limit
if time.time() - start_time > findBWUsage.MAX_PROCESSING_TIME:
logging.CyberCPLogFileWriter.writeToFile(f"Processing timeout for {domainName}")
break
line = line.strip()
if len(line) > 10:
bandwidth = findBWUsage.parse_last_digits(line)
if bandwidth is not None:
currentUsed += bandwidth
currentLinesRead += 1
lines_processed += 1
batch_size += 1
# Process in batches to manage memory
if batch_size >= findBWUsage.MAX_LOG_LINES_PER_BATCH:
# Force garbage collection
gc.collect()
batch_size = 0
# Check memory usage
try:
import psutil
process = psutil.Process()
memory_mb = process.memory_info().rss / (1024 * 1024)
if memory_mb > findBWUsage.MAX_MEMORY_MB:
logging.CyberCPLogFileWriter.writeToFile(f"Memory limit reached for {domainName}")
break
except ImportError:
pass # psutil not available, continue processing
except (IOError, OSError) as e:
logging.CyberCPLogFileWriter.writeToFile(f"Error reading log file {path}: {str(e)}")
return 0
# Write updated metadata
try:
with open(bwmeta, 'w') as f:
f.write(f"{currentUsed}\n{currentLinesRead}\n")
os.chmod(bwmeta, 0o600)
except (IOError, OSError) as e:
logging.CyberCPLogFileWriter.writeToFile(f"Error writing metadata {bwmeta}: {str(e)}")
return 0
except BaseException as msg:
# Log processing statistics
processing_time = time.time() - start_time
if processing_time > 10: # Log if processing took more than 10 seconds
logging.CyberCPLogFileWriter.writeToFile(f"Processed {domainName}: {lines_processed} lines in {processing_time:.2f}s")
except Exception as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [calculateBandwidth]")
return 0
@@ -67,67 +159,95 @@ class findBWUsage:
@staticmethod
def startCalculations():
"""Start bandwidth calculations with resource protection"""
try:
# Set memory limit
findBWUsage.set_memory_limit()
start_time = time.time()
domains_processed = 0
for directories in os.listdir("/home"):
# Check overall processing time
if time.time() - start_time > findBWUsage.MAX_PROCESSING_TIME * 2:
logging.CyberCPLogFileWriter.writeToFile("Overall processing timeout reached")
break
if validators.domain(directories):
findBWUsage.calculateBandwidth(directories)
except BaseException as msg:
try:
result = findBWUsage.calculateBandwidth(directories)
domains_processed += 1
# Force garbage collection after each domain
gc.collect()
# Small delay to prevent system overload
time.sleep(0.1)
except Exception as e:
logging.CyberCPLogFileWriter.writeToFile(f"Error processing domain {directories}: {str(e)}")
continue
total_time = time.time() - start_time
logging.CyberCPLogFileWriter.writeToFile(f"Bandwidth calculation completed: {domains_processed} domains in {total_time:.2f}s")
except Exception as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [startCalculations]")
return 0
@staticmethod
def findDomainBW(domainName,totalAllowed):
def findDomainBW(domainName, totalAllowed):
"""Find domain bandwidth usage with improved error handling"""
try:
path = "/home/"+domainName+"/logs/"+domainName+".access_log"
path = "/home/" + domainName + "/logs/" + domainName + ".access_log"
if not os.path.exists("/home/"+domainName+"/logs"):
return [0,0]
if not os.path.exists("/home/" + domainName + "/logs"):
return [0, 0]
bwmeta = "/home/" + domainName + "/logs/bwmeta"
bwmeta = "/home/cyberpanel/%s.bwmeta" % (domainName)
if not os.path.exists(path):
return [0,0]
return [0, 0]
if os.path.exists(bwmeta):
try:
data = open(bwmeta).readlines()
currentUsed = int(data[0].strip("\n"))
with open(bwmeta, 'r') as f:
data = f.readlines()
inMB = int(float(currentUsed)/(1024.0*1024.0))
if len(data) < 1:
return [0, 0]
currentUsed = int(data[0].strip("\n"))
inMB = int(float(currentUsed) / (1024.0 * 1024.0))
if totalAllowed <= 0:
totalAllowed = 999999
percentage = float(100) / float(totalAllowed)
percentage = float(percentage) * float(inMB)
except:
return [0,0]
if percentage > 100.0:
percentage = 100
return [inMB,percentage]
return [inMB, percentage]
except (ValueError, IndexError, IOError):
return [0, 0]
else:
return [0, 0]
except OSError as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [findDomainBW]")
return 0
return [0, 0]
except ValueError as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [findDomainBW]")
return 0
return 1
return [0, 0]
@staticmethod
def changeSystemLanguage():
"""Change system language with improved error handling"""
try:
command = 'localectl set-locale LANG=en_US.UTF-8'
cmd = shlex.split(command)
res = subprocess.call(cmd)
if res == 1:
@@ -135,12 +255,10 @@ class findBWUsage:
else:
pass
print("###############################################")
print(" Language Changed to English ")
print("###############################################")
except OSError as msg:
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [changeSystemLanguage]")
return 0
@@ -151,4 +269,5 @@ class findBWUsage:
return 1
findBWUsage.startCalculations()
if __name__ == "__main__":
findBWUsage.startCalculations()

2
plogical/installUtilities.py
View File

@@ -44,7 +44,7 @@ class installUtilities:
try:
# Use the official LiteSpeed repository installation script
# This supports all OS versions including CentOS/AlmaLinux/Rocky 7, 8, and 9
cmd = "bash -c 'wget -O - https://repo.litespeed.sh | bash'"
cmd = "wget -O - https://repo.litespeed.sh | bash"
res = subprocess.call(cmd, shell=True)

1
plogical/processUtilities.py
View File

@@ -496,6 +496,7 @@ class ProcessUtilities(multi.Thread):
return ProcessUtilities.sendCommand(command, user, dir)[:-1]
except BaseException as msg:
logging.writeToFile(str(msg) + "[outputExecutioner:188]")
return None
def customPoen(self):
try:

59
plogical/upgrade.py
View File

@@ -303,6 +303,9 @@ openEuler20 = 6
openEuler22 = 7
Ubuntu22 = 8
Ubuntu24 = 9
Debian11 = 10
Debian12 = 11
Debian13 = 12
class Upgrade:
@@ -312,6 +315,7 @@ class Upgrade:
CentOSPath = '/etc/redhat-release'
UbuntuPath = '/etc/lsb-release'
openEulerPath = '/etc/openEuler-release'
DebianPath = '/etc/os-release'
FromCloud = 0
SnappyVersion = '2.38.2'
LogPathNew = '/home/cyberpanel/upgrade_logs'
@@ -396,6 +400,18 @@ class Upgrade:
elif result.find('22.03') > -1:
return openEuler22
elif os.path.exists(Upgrade.DebianPath):
result = open(Upgrade.DebianPath, 'r').read()
if result.find('Debian GNU/Linux 11') > -1:
return Debian11
elif result.find('Debian GNU/Linux 12') > -1:
return Debian12
elif result.find('Debian GNU/Linux 13') > -1:
return Debian13
else:
return Debian11 # Default to Debian 11 for older versions
else:
result = open(Upgrade.UbuntuPath, 'r').read()
@@ -632,19 +648,32 @@ class Upgrade:
except:
pass
# Try to fetch latest phpMyAdmin version from GitHub
phpmyadmin_version = '5.2.2' # Fallback version
try:
from plogical.versionFetcher import get_latest_phpmyadmin_version
latest_version = get_latest_phpmyadmin_version()
if latest_version and latest_version != phpmyadmin_version:
Upgrade.stdOut(f"Using latest phpMyAdmin version: {latest_version}", 0)
phpmyadmin_version = latest_version
else:
Upgrade.stdOut(f"Using fallback phpMyAdmin version: {phpmyadmin_version}", 0)
except Exception as e:
Upgrade.stdOut(f"Failed to fetch latest phpMyAdmin version, using fallback: {e}", 0)
Upgrade.stdOut("Installing phpMyAdmin...", 0)
command = 'wget -q -O /usr/local/CyberCP/public/phpmyadmin.zip https://github.com/usmannasir/cyberpanel/raw/stable/phpmyadmin.zip'
Upgrade.executioner_silent(command, 'Download phpMyAdmin')
command = f'wget -q -O /usr/local/CyberCP/public/phpmyadmin.tar.gz https://files.phpmyadmin.net/phpMyAdmin/{phpmyadmin_version}/phpMyAdmin-{phpmyadmin_version}-all-languages.tar.gz'
Upgrade.executioner_silent(command, f'Download phpMyAdmin {phpmyadmin_version}')
command = 'unzip -q /usr/local/CyberCP/public/phpmyadmin.zip -d /usr/local/CyberCP/public/'
command = 'tar -xzf /usr/local/CyberCP/public/phpmyadmin.tar.gz -C /usr/local/CyberCP/public/'
Upgrade.executioner_silent(command, 'Extract phpMyAdmin')
command = 'mv /usr/local/CyberCP/public/phpMyAdmin-*-all-languages /usr/local/CyberCP/public/phpmyadmin'
subprocess.call(command, shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
command = 'rm -f /usr/local/CyberCP/public/phpmyadmin.zip'
Upgrade.executioner_silent(command, 'Cleanup phpMyAdmin zip')
command = 'rm -f /usr/local/CyberCP/public/phpmyadmin.tar.gz'
Upgrade.executioner_silent(command, 'Cleanup phpMyAdmin tar.gz')
Upgrade.stdOut("phpMyAdmin installation completed.", 0)
@@ -765,6 +794,18 @@ $cfg['Servers'][$i]['LogoutURL'] = 'phpmyadminsignin.php?logout';
if not os.path.exists("/usr/local/CyberCP/public"):
os.mkdir("/usr/local/CyberCP/public")
# Try to fetch latest SnappyMail version from GitHub
try:
from plogical.versionFetcher import get_latest_snappymail_version
latest_version = get_latest_snappymail_version()
if latest_version and latest_version != Upgrade.SnappyVersion:
Upgrade.stdOut(f"Using latest SnappyMail version: {latest_version}", 0)
Upgrade.SnappyVersion = latest_version
else:
Upgrade.stdOut(f"Using fallback SnappyMail version: {Upgrade.SnappyVersion}", 0)
except Exception as e:
Upgrade.stdOut(f"Failed to fetch latest SnappyMail version, using fallback: {e}", 0)
os.chdir("/usr/local/CyberCP/public")
count = 1
@@ -1654,7 +1695,7 @@ CREATE TABLE `websiteFunctions_backupsv2` (`id` integer AUTO_INCREMENT NOT NULL
except:
pass
if Upgrade.FindOperatingSytem() == Ubuntu22 or Upgrade.FindOperatingSytem() == Ubuntu24:
if Upgrade.FindOperatingSytem() == Ubuntu22 or Upgrade.FindOperatingSytem() == Ubuntu24 or Upgrade.FindOperatingSytem() == Debian11 or Upgrade.FindOperatingSytem() == Debian12 or Upgrade.FindOperatingSytem() == Debian13:
### If ftp not installed then upgrade will fail so this command should not do exit
command = "sed -i 's/MYSQLCrypt md5/MYSQLCrypt crypt/g' /etc/pure-ftpd/db/mysql.conf"
@@ -3297,7 +3338,7 @@ echo $oConfig->Save() ? 'Done' : 'Error';
else:
# Check other OS versions
os_info = Upgrade.findOperatingSytem()
if os_info in [Ubuntu24, CENTOS8]:
if os_info in [Ubuntu24, CENTOS8, Debian13]:
php_versions = ['74', '80', '81', '82', '83', '84', '85']
else:
php_versions = ['71', '72', '73', '74', '80', '81', '82', '83', '84', '85']
@@ -3530,7 +3571,7 @@ echo $oConfig->Save() ? 'Done' : 'Error';
command = 'systemctl restart postfix'
Upgrade.executioner(command, 0)
elif Upgrade.FindOperatingSytem() == Ubuntu20 or Upgrade.FindOperatingSytem() == Ubuntu22 or Upgrade.FindOperatingSytem() == Ubuntu24:
elif Upgrade.FindOperatingSytem() == Ubuntu20 or Upgrade.FindOperatingSytem() == Ubuntu22 or Upgrade.FindOperatingSytem() == Ubuntu24 or Upgrade.FindOperatingSytem() == Debian11 or Upgrade.FindOperatingSytem() == Debian12 or Upgrade.FindOperatingSytem() == Debian13:
debPath = '/etc/apt/sources.list.d/dovecot.list'
# writeToFile = open(debPath, 'w')
@@ -4867,7 +4908,7 @@ extprocessor proxyApacheBackendSSL {
##
if Upgrade.FindOperatingSytem() == Ubuntu22 or Upgrade.FindOperatingSytem() == Ubuntu24 or Upgrade.FindOperatingSytem() == Ubuntu18 \
or Upgrade.FindOperatingSytem() == Ubuntu20:
or Upgrade.FindOperatingSytem() == Ubuntu20 or Upgrade.FindOperatingSytem() == Debian11 or Upgrade.FindOperatingSytem() == Debian12 or Upgrade.FindOperatingSytem() == Debian13:
print("Install Quota on Ubuntu")
command = 'apt update -y'

157
plogical/versionFetcher.py Normal file
View File

@@ -0,0 +1,157 @@
#!/usr/bin/env python3
import requests
import json
import re
import logging
from typing import Optional, Tuple
class VersionFetcher:
"""
Utility class to fetch latest versions of components from GitHub API
"""
# GitHub API endpoints for different components
GITHUB_API_BASE = "https://api.github.com/repos"
# Component repositories
REPOSITORIES = {
'phpmyadmin': 'phpmyadmin/phpmyadmin',
'snappymail': 'the-djmaze/snappymail'
}
# Fallback versions in case API is unavailable
FALLBACK_VERSIONS = {
'phpmyadmin': '5.2.2',
'snappymail': '2.38.2'
}
@staticmethod
def get_latest_version(component: str) -> str:
"""
Get the latest version of a component from GitHub
Args:
component (str): Component name ('phpmyadmin' or 'snappymail')
Returns:
str: Latest version number or fallback version
"""
try:
if component not in VersionFetcher.REPOSITORIES:
logging.warning(f"Unknown component: {component}")
return VersionFetcher.FALLBACK_VERSIONS.get(component, "unknown")
repo = VersionFetcher.REPOSITORIES[component]
url = f"{VersionFetcher.GITHUB_API_BASE}/{repo}/releases/latest"
logging.info(f"Fetching latest version for {component} from {url}")
# Make request with timeout and proper headers
headers = {
'Accept': 'application/vnd.github.v3+json',
'User-Agent': 'CyberPanel-VersionFetcher/1.0'
}
response = requests.get(url, headers=headers, timeout=10)
response.raise_for_status()
data = response.json()
version = data.get('tag_name', '')
# Clean version string (remove 'v' prefix if present)
version = re.sub(r'^v', '', version)
if version and VersionFetcher._is_valid_version(version):
logging.info(f"Successfully fetched {component} version: {version}")
return version
else:
logging.warning(f"Invalid version format for {component}: {version}")
return VersionFetcher.FALLBACK_VERSIONS[component]
except requests.exceptions.RequestException as e:
logging.error(f"Failed to fetch {component} version: {e}")
return VersionFetcher.FALLBACK_VERSIONS[component]
except Exception as e:
logging.error(f"Unexpected error fetching {component} version: {e}")
return VersionFetcher.FALLBACK_VERSIONS[component]
@staticmethod
def get_latest_versions() -> dict:
"""
Get latest versions for all supported components
Returns:
dict: Dictionary with component names as keys and versions as values
"""
versions = {}
for component in VersionFetcher.REPOSITORIES.keys():
versions[component] = VersionFetcher.get_latest_version(component)
return versions
@staticmethod
def _is_valid_version(version: str) -> bool:
"""
Validate version string format
Args:
version (str): Version string to validate
Returns:
bool: True if valid version format
"""
# Check for semantic versioning pattern (x.y.z)
pattern = r'^\d+\.\d+\.\d+$'
return bool(re.match(pattern, version))
@staticmethod
def get_phpmyadmin_version() -> str:
"""Get latest phpMyAdmin version"""
return VersionFetcher.get_latest_version('phpmyadmin')
@staticmethod
def get_snappymail_version() -> str:
"""Get latest SnappyMail version"""
return VersionFetcher.get_latest_version('snappymail')
@staticmethod
def test_connectivity() -> bool:
"""
Test if GitHub API is accessible
Returns:
bool: True if API is accessible
"""
try:
# Test with a simple API call
url = f"{VersionFetcher.GITHUB_API_BASE}/octocat/Hello-World"
headers = {
'Accept': 'application/vnd.github.v3+json',
'User-Agent': 'CyberPanel-VersionFetcher/1.0'
}
response = requests.get(url, headers=headers, timeout=5)
return response.status_code == 200
except:
return False
# Convenience functions for backward compatibility
def get_latest_phpmyadmin_version():
"""Get latest phpMyAdmin version"""
return VersionFetcher.get_phpmyadmin_version()
def get_latest_snappymail_version():
"""Get latest SnappyMail version"""
return VersionFetcher.get_snappymail_version()
def get_latest_versions():
"""Get latest versions for all components"""
return VersionFetcher.get_latest_versions()
if __name__ == "__main__":
# Test the version fetcher
print("Testing version fetcher...")
print(f"GitHub API accessible: {VersionFetcher.test_connectivity()}")
print(f"Latest phpMyAdmin: {get_latest_phpmyadmin_version()}")
print(f"Latest SnappyMail: {get_latest_snappymail_version()}")
print(f"All versions: {get_latest_versions()}")

23
plogical/virtualHostUtilities.py
View File

@@ -3,6 +3,7 @@ import os
import os.path
import sys
import time
import re
import django
@@ -1671,16 +1672,28 @@ local_name %s {
logging.CyberCPLogFileWriter.statusWriter(tempStatusPath, 'Creating apache configurations..,90')
if child:
ApacheVhost.perHostVirtualConfOLS(completePathToConfigFile, website.master.adminEmail)
# Handle None values for child domains
admin_email = website.master.adminEmail if website.master.adminEmail else website.master.admin.email
ApacheVhost.perHostVirtualConfOLS(completePathToConfigFile, admin_email)
else:
ApacheVhost.perHostVirtualConfOLS(completePathToConfigFile, website.adminEmail)
# Handle None values for main domains
admin_email = website.adminEmail if website.adminEmail else website.admin.email
ApacheVhost.perHostVirtualConfOLS(completePathToConfigFile, admin_email)
if child:
ApacheVhost.setupApacheVhostChild(website.master.adminEmail, website.master.externalApp,
website.master.externalApp,
# Handle None values for child domains
admin_email = website.master.adminEmail if website.master.adminEmail else website.master.admin.email
external_app = website.master.externalApp if website.master.externalApp else "".join(re.findall("[a-zA-Z]+", virtualHostName))[:5] + str(randint(1000, 9999))
ApacheVhost.setupApacheVhostChild(admin_email, external_app,
external_app,
phpVersion, virtualHostName, website.path)
else:
ApacheVhost.setupApacheVhost(website.adminEmail, website.externalApp, website.externalApp,
# Handle None values for main domains
admin_email = website.adminEmail if website.adminEmail else website.admin.email
external_app = website.externalApp if website.externalApp else "".join(re.findall("[a-zA-Z]+", virtualHostName))[:5] + str(randint(1000, 9999))
ApacheVhost.setupApacheVhost(admin_email, external_app, external_app,
phpVersion, virtualHostName)
logging.CyberCPLogFileWriter.statusWriter(tempStatusPath, 'Restarting servers and phps..,90')

81
scripts/test_ubuntu_24043_support.bat
View File

@@ -1,81 +0,0 @@
@echo off
REM Test script for Ubuntu 24.04.3 support in CyberPanel
REM This script verifies that CyberPanel properly detects and handles Ubuntu 24.04.3
echo CyberPanel Ubuntu 24.04.3 Support Test
echo ======================================
echo.
REM Check if running on Ubuntu 24.04.3
if exist /etc/os-release (
echo Detected OS: Checking /etc/os-release
findstr "Ubuntu" /etc/os-release
echo.
echo ✅ Ubuntu 24.04.3 support verified
) else (
echo ❌ Cannot detect OS version
echo This test is designed for Ubuntu 24.04.3
echo Current system: Windows
echo Continuing with compatibility test...
)
echo.
REM Test 1: Version detection
echo Test 1: Version Detection
echo -------------------------
if exist /etc/os-release (
findstr "Ubuntu 24.04" /etc/os-release >nul
if %errorlevel% == 0 (
echo ✅ Ubuntu 24.04 pattern match successful
) else (
echo ❌ Ubuntu 24.04 pattern match failed
)
) else (
echo ⚠️ /etc/os-release not found (Windows system)
)
echo.
REM Test 2: CyberPanel installation check
echo Test 2: CyberPanel Installation Check
echo -------------------------------------
if exist "C:\Program Files\CyberPanel\bin\python.exe" (
echo ✅ CyberPanel installation found
) else (
echo ⚠️ CyberPanel not installed - this is normal for Windows
)
echo.
REM Test 3: System requirements
echo Test 3: System Requirements
echo ---------------------------
echo Architecture: %PROCESSOR_ARCHITECTURE%
echo OS: %OS%
echo.
REM Test 4: Network connectivity
echo Test 4: Network Connectivity
echo ----------------------------
ping -n 1 8.8.8.8 >nul 2>&1
if %errorlevel% == 0 (
echo ✅ Network connectivity working
) else (
echo ❌ Network connectivity issues
)
echo.
echo Ubuntu 24.04.3 Support Test Complete
echo ====================================
echo.
echo Summary:
echo - Ubuntu 24.04.3 is fully supported by CyberPanel
echo - Version detection works correctly
echo - All required packages and dependencies are available
echo - Installation and upgrade scripts are compatible
echo.
echo For installation on Ubuntu 24.04.3, run:
echo sh ^<(curl https://cyberpanel.net/install.sh ^|^| wget -O - https://cyberpanel.net/install.sh^)
echo.
pause

168
scripts/test_ubuntu_24043_support.sh
View File

@@ -1,168 +0,0 @@
#!/bin/bash
# Test script for Ubuntu 24.04.3 support in CyberPanel
# This script verifies that CyberPanel properly detects and handles Ubuntu 24.04.3
echo "CyberPanel Ubuntu 24.04.3 Support Test"
echo "======================================"
echo ""
# Check if running on Ubuntu 24.04.3
if [ -f /etc/os-release ]; then
source /etc/os-release
echo "Detected OS: $NAME $VERSION"
if [[ "$NAME" == "Ubuntu" ]] && [[ "$VERSION" == *"24.04.3"* ]]; then
echo "✅ Ubuntu 24.04.3 detected"
else
echo "⚠️ This test is designed for Ubuntu 24.04.3"
echo " Current system: $NAME $VERSION"
echo " Continuing with compatibility test..."
fi
else
echo "❌ Cannot detect OS version"
exit 1
fi
echo ""
# Test 1: Version detection
echo "Test 1: Version Detection"
echo "-------------------------"
if grep -q -E "Ubuntu 24.04" /etc/os-release; then
echo "✅ Ubuntu 24.04 pattern match successful"
else
echo "❌ Ubuntu 24.04 pattern match failed"
fi
# Test 2: Version parsing
echo ""
echo "Test 2: Version Parsing"
echo "-----------------------"
VERSION_ID=$(grep VERSION_ID /etc/os-release | awk -F[=,] '{print $2}' | tr -d \" | head -c2 | tr -d .)
echo "Parsed version: $VERSION_ID"
if [ "$VERSION_ID" = "24" ]; then
echo "✅ Version parsing correct (24)"
else
echo "❌ Version parsing incorrect (expected: 24, got: $VERSION_ID)"
fi
# Test 3: Python version detection
echo ""
echo "Test 3: Python Version Detection"
echo "--------------------------------"
if command -v python3 &> /dev/null; then
PYTHON_VERSION=$(python3 --version | cut -d' ' -f2 | cut -d'.' -f1-2)
echo "Python version: $PYTHON_VERSION"
if [[ "$PYTHON_VERSION" == "3.12" ]]; then
echo "✅ Python 3.12 detected (expected for Ubuntu 24.04.3)"
else
echo "⚠️ Python version $PYTHON_VERSION (Ubuntu 24.04.3 typically has Python 3.12)"
fi
else
echo "❌ Python3 not found"
fi
# Test 4: Package manager compatibility
echo ""
echo "Test 4: Package Manager Compatibility"
echo "------------------------------------"
if command -v apt &> /dev/null; then
echo "✅ APT package manager available"
# Test if we can access Ubuntu repositories
if apt list --installed | grep -q "ubuntu-release"; then
echo "✅ Ubuntu release packages found"
else
echo "⚠️ Ubuntu release packages not found"
fi
else
echo "❌ APT package manager not found"
fi
# Test 5: Virtual environment support
echo ""
echo "Test 5: Virtual Environment Support"
echo "-----------------------------------"
if command -v python3 -m venv --help &> /dev/null; then
echo "✅ Python3 venv module available"
# Test creating a virtual environment
TEST_VENV="/tmp/cyberpanel_test_venv"
if python3 -m venv "$TEST_VENV" 2>/dev/null; then
echo "✅ Virtual environment creation successful"
rm -rf "$TEST_VENV"
else
echo "❌ Virtual environment creation failed"
fi
else
echo "❌ Python3 venv module not available"
fi
# Test 6: CyberPanel version detection
echo ""
echo "Test 6: CyberPanel Version Detection"
echo "------------------------------------"
if [ -f /usr/local/CyberCP/plogical/upgrade.py ]; then
echo "✅ CyberPanel installation found"
# Test if the version detection would work
if python3 -c "
import sys
sys.path.append('/usr/local/CyberCP')
try:
from plogical.upgrade import Upgrade
os_type = Upgrade.FindOperatingSytem()
print(f'Detected OS type: {os_type}')
if os_type == 9: # Ubuntu24 constant
print('✅ Ubuntu 24.04 detection working')
else:
print(f'⚠️ OS type {os_type} detected (expected: 9 for Ubuntu24)')
except Exception as e:
print(f'❌ Error testing OS detection: {e}')
" 2>/dev/null; then
echo "✅ CyberPanel OS detection test completed"
else
echo "❌ CyberPanel OS detection test failed"
fi
else
echo "⚠️ CyberPanel not installed - skipping detection test"
fi
# Test 7: System requirements
echo ""
echo "Test 7: System Requirements"
echo "---------------------------"
echo "Architecture: $(uname -m)"
if uname -m | grep -qE 'x86_64|aarch64'; then
echo "✅ Supported architecture detected"
else
echo "❌ Unsupported architecture"
fi
echo ""
echo "Memory: $(free -h | grep '^Mem:' | awk '{print $2}')"
echo "Disk space: $(df -h / | tail -1 | awk '{print $4}') available"
# Test 8: Network connectivity
echo ""
echo "Test 8: Network Connectivity"
echo "----------------------------"
if ping -c 1 8.8.8.8 &> /dev/null; then
echo "✅ Network connectivity working"
else
echo "❌ Network connectivity issues"
fi
echo ""
echo "Ubuntu 24.04.3 Support Test Complete"
echo "===================================="
echo ""
echo "Summary:"
echo "- Ubuntu 24.04.3 is fully supported by CyberPanel"
echo "- Version detection works correctly"
echo "- All required packages and dependencies are available"
echo "- Installation and upgrade scripts are compatible"
echo ""
echo "For installation, run:"
echo "sh <(curl https://cyberpanel.net/install.sh || wget -O - https://cyberpanel.net/install.sh)"

64
test_firewall_blocking.py Normal file
View File

@@ -0,0 +1,64 @@
#!/usr/bin/env python3
"""
Test script for the new firewall blocking functionality
This script tests the blockIPAddress API endpoint
"""
import requests
import json
import sys
def test_firewall_blocking():
"""
Test the firewall blocking functionality
Note: This is a basic test script. In a real environment, you would need
proper authentication and a test IP address.
"""
print("Testing Firewall Blocking Functionality")
print("=" * 50)
# Test configuration
base_url = "https://localhost:8090" # Adjust based on your CyberPanel setup
test_ip = "192.168.1.100" # Use a test IP that won't block your access
print(f"Base URL: {base_url}")
print(f"Test IP: {test_ip}")
print()
# Test data
test_data = {
"ip_address": test_ip
}
print("Test Data:")
print(json.dumps(test_data, indent=2))
print()
print("Note: This test requires:")
print("1. Valid CyberPanel session with admin privileges")
print("2. CyberPanel addons enabled")
print("3. Active firewalld service")
print()
print("To test manually:")
print("1. Login to CyberPanel dashboard")
print("2. Go to Dashboard -> SSH Security Analysis")
print("3. Look for 'Brute Force Attack Detected' alerts")
print("4. Click the 'Block IP' button next to malicious IPs")
print()
print("Expected behavior:")
print("- Button shows loading state during blocking")
print("- Success notification appears on successful blocking")
print("- IP is marked as 'Blocked' in the interface")
print("- Security analysis refreshes to update alerts")
print()
print("Firewall Commands:")
print("- firewalld: firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=<ip> drop'")
print("- firewalld reload: firewall-cmd --reload")
print()
if __name__ == "__main__":
test_firewall_blocking()

70
test_version_fetcher.py Normal file
View File

@@ -0,0 +1,70 @@
#!/usr/bin/env python3
"""
Test script for the dynamic version fetcher
"""
import sys
import os
# Add the plogical directory to the path
sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'plogical'))
try:
from versionFetcher import VersionFetcher, get_latest_phpmyadmin_version, get_latest_snappymail_version
print("=== Testing Dynamic Version Fetcher ===")
print()
# Test connectivity
print("1. Testing GitHub API connectivity...")
if VersionFetcher.test_connectivity():
print(" ✅ GitHub API is accessible")
else:
print(" ❌ GitHub API is not accessible")
print()
# Test phpMyAdmin version fetching
print("2. Testing phpMyAdmin version fetching...")
try:
phpmyadmin_version = get_latest_phpmyadmin_version()
print(f" Latest phpMyAdmin version: {phpmyadmin_version}")
if phpmyadmin_version != "5.2.2":
print(" ✅ Newer version found!")
else:
print(" Using fallback version (API may be unavailable)")
except Exception as e:
print(f" ❌ Error: {e}")
print()
# Test SnappyMail version fetching
print("3. Testing SnappyMail version fetching...")
try:
snappymail_version = get_latest_snappymail_version()
print(f" Latest SnappyMail version: {snappymail_version}")
if snappymail_version != "2.38.2":
print(" ✅ Newer version found!")
else:
print(" Using fallback version (API may be unavailable)")
except Exception as e:
print(f" ❌ Error: {e}")
print()
# Test all versions
print("4. Testing all versions...")
try:
all_versions = VersionFetcher.get_latest_versions()
print(" All latest versions:")
for component, version in all_versions.items():
print(f" {component}: {version}")
except Exception as e:
print(f" ❌ Error: {e}")
print()
print("=== Test Complete ===")
except ImportError as e:
print(f"❌ Import error: {e}")
print("Make sure you're running this from the cyberpanel directory")
except Exception as e:
print(f"❌ Unexpected error: {e}")

2
websiteFunctions/urls.py
View File

@@ -197,6 +197,8 @@ urlpatterns = [
path('statusFunc', views.statusFunc, name='statusFunc'),
path('tuneSettings', views.tuneSettings, name='tuneSettings'),
path('saveApacheConfigsToFile', views.saveApacheConfigsToFile, name='saveApacheConfigsToFile'),
path('resetApacheConfigToDefault', views.resetApacheConfigToDefault, name='resetApacheConfigToDefault'),
path('resetVHostConfigToDefault', views.resetVHostConfigToDefault, name='resetVHostConfigToDefault'),
path('getTerminalJWT', views.get_terminal_jwt, name='get_terminal_jwt'),
# Catch all for domains

18
websiteFunctions/views.py
View File

@@ -1852,6 +1852,24 @@ def ApacheManager(request, domain):
return redirect(loadLoginPage)
def resetVHostConfigToDefault(request):
try:
userID = request.session['userID']
wm = WebsiteManager()
return wm.resetVHostConfigToDefault(userID, json.loads(request.body))
except KeyError:
return redirect(loadLoginPage)
def resetApacheConfigToDefault(request):
try:
userID = request.session['userID']
wm = WebsiteManager()
return wm.resetApacheConfigToDefault(userID, json.loads(request.body))
except KeyError:
return redirect(loadLoginPage)
def getSwitchStatus(request):
try:
userID = request.session['userID']

166
websiteFunctions/website.py
View File

@@ -3902,6 +3902,91 @@ context /cyberpanel_suspension_page.html {
final_json = json.dumps(status)
return HttpResponse(final_json)
def resetVHostConfigToDefault(self, userID=None, data=None):
"""Reset vHost configuration to default template"""
currentACL = ACLManager.loadedACL(userID)
if currentACL['admin'] != 1:
return ACLManager.loadErrorJson('configstatus', 0)
virtualHost = data['virtualHost']
self.domain = virtualHost
try:
# Get the default vHost configuration template
from plogical import vhostConfs
# Determine if it's a child domain or main domain
try:
child_domain = ChildDomains.objects.get(domain=virtualHost)
is_child = True
master_domain = child_domain.master.domain
admin_email = child_domain.master.adminEmail if child_domain.master.adminEmail else child_domain.master.admin.email
path = child_domain.path
except:
is_child = False
try:
website = Websites.objects.get(domain=virtualHost)
admin_email = website.adminEmail if website.adminEmail else website.admin.email
except:
admin_email = "admin@" + virtualHost
# Generate default configuration based on server type
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
if is_child:
# Use child domain template
default_config = vhostConfs.olsChildConf
default_config = default_config.replace('{path}', path)
default_config = default_config.replace('{masterDomain}', master_domain)
default_config = default_config.replace('{adminEmails}', admin_email)
default_config = default_config.replace('{externalApp}', "".join(re.findall("[a-zA-Z]+", virtualHost))[:5] + str(randint(1000, 9999)))
default_config = default_config.replace('{externalAppMaster}', "".join(re.findall("[a-zA-Z]+", master_domain))[:5] + str(randint(1000, 9999)))
default_config = default_config.replace('{php}', '8.1') # Default PHP version
default_config = default_config.replace('{open_basedir}', '') # Default open_basedir setting
else:
# Use main domain template
default_config = vhostConfs.olsMasterConf
default_config = default_config.replace('{virtualHostName}', virtualHost)
default_config = default_config.replace('{administratorEmail}', admin_email)
default_config = default_config.replace('{externalApp}', "".join(re.findall("[a-zA-Z]+", virtualHost))[:5] + str(randint(1000, 9999)))
default_config = default_config.replace('{php}', '8.1') # Default PHP version
else:
# For other server types, use basic template
default_config = f"""# Default vHost Configuration for {virtualHost}
# Generated on {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}
# Basic configuration
# Add your custom configuration here
"""
# Save the default configuration
mailUtilities.checkHome()
tempPath = "/home/cyberpanel/" + str(randint(1000, 9999))
vhost = open(tempPath, "w")
vhost.write(default_config)
vhost.close()
filePath = installUtilities.Server_root_path + "/conf/vhosts/" + virtualHost + "/vhost.conf"
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " saveVHostConfigs --path " + filePath + " --tempPath " + tempPath
output = ProcessUtilities.outputExecutioner(execPath)
if output.find("1,None") > -1:
status = {"configstatus": 1, "message": "vHost configuration reset to default successfully."}
else:
status = {"configstatus": 0, "error_message": f"Failed to reset configuration: {output}"
final_json = json.dumps(status)
return HttpResponse(final_json)
except Exception as e:
status = {"configstatus": 0, "error_message": f"Error resetting configuration: {str(e)}"}
final_json = json.dumps(status)
return HttpResponse(final_json)
def saveConfigsToFile(self, userID=None, data=None):
currentACL = ACLManager.loadedACL(userID)
@@ -5376,7 +5461,8 @@ StrictHostKeyChecking no
data['pmMinSpareServers'] = pmMinSpareServers
data['pmMaxSpareServers'] = pmMaxSpareServers
data['phpPath'] = phpPath
data['configData'] = ProcessUtilities.outputExecutioner(f'cat {finalConfPath}')
config_output = ProcessUtilities.outputExecutioner(f'cat {finalConfPath}')
data['configData'] = config_output if config_output is not None else ''
else:
data = {}
data['status'] = 1
@@ -7431,6 +7517,84 @@ StrictHostKeyChecking no
{'domainName': self.domain, 'phps': phps, 'apachemanager': apachemanager, 'apachePHPs': apachePHPs})
return proc.render()
def resetApacheConfigToDefault(self, userID=None, data=None):
"""Reset Apache configuration to default template"""
currentACL = ACLManager.loadedACL(userID)
if currentACL['admin'] != 1:
return ACLManager.loadErrorJson('configstatus', 0)
domainName = data['domainName']
self.domain = domainName
try:
# Get the default Apache configuration template
from plogical import vhostConfs
# Determine if it's a child domain or main domain
try:
child_domain = ChildDomains.objects.get(domain=domainName)
is_child = True
master_domain = child_domain.master.domain
admin_email = child_domain.master.adminEmail if child_domain.master.adminEmail else child_domain.master.admin.email
path = child_domain.path
except:
is_child = False
try:
website = Websites.objects.get(domain=domainName)
admin_email = website.adminEmail if website.adminEmail else website.admin.email
except:
admin_email = "admin@" + domainName
# Generate default Apache configuration
if is_child:
# Use child domain Apache template
default_config = vhostConfs.apacheConfChild
default_config = default_config.replace('{virtualHostName}', domainName)
default_config = default_config.replace('{administratorEmail}', admin_email)
default_config = default_config.replace('{php}', '8.1') # Default PHP version
default_config = default_config.replace('{adminEmails}', admin_email)
default_config = default_config.replace('{externalApp}', "".join(re.findall("[a-zA-Z]+", domainName))[:5] + str(randint(1000, 9999)))
default_config = default_config.replace('{path}', path)
default_config = default_config.replace('{sockPath}', '/var/run/php/') # Default socket path
else:
# Use main domain Apache template
default_config = vhostConfs.apacheConf
default_config = default_config.replace('{virtualHostName}', domainName)
default_config = default_config.replace('{administratorEmail}', admin_email)
default_config = default_config.replace('{php}', '8.1') # Default PHP version
default_config = default_config.replace('{adminEmails}', admin_email)
default_config = default_config.replace('{externalApp}', "".join(re.findall("[a-zA-Z]+", domainName))[:5] + str(randint(1000, 9999)))
default_config = default_config.replace('{sockPath}', '/var/run/php/') # Default socket path
# Save the default configuration
mailUtilities.checkHome()
tempPath = "/home/cyberpanel/" + str(randint(1000, 9999))
vhost = open(tempPath, "w")
vhost.write(default_config)
vhost.close()
filePath = ApacheVhost.configBasePath + domainName + '.conf'
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " saveApacheConfigsToFile --path " + filePath + " --tempPath " + tempPath
output = ProcessUtilities.outputExecutioner(execPath)
if output.find("1,None") > -1:
status = {"status": 1, "message": "Apache configuration reset to default successfully."}
else:
status = {"status": 0, "error_message": f"Failed to reset Apache configuration: {output}"
final_json = json.dumps(status)
return HttpResponse(final_json)
except Exception as e:
status = {"status": 0, "error_message": f"Error resetting Apache configuration: {str(e)}"}
final_json = json.dumps(status)
return HttpResponse(final_json)
def saveApacheConfigsToFile(self, userID=None, data=None):
currentACL = ACLManager.loadedACL(userID)